Enterprise user can only create relationships with their own enterprises as parent

app/assets/javascripts/admin/services/enterprises.js.coffee

@@ -1,4 +1,5 @@
-Admin.factory 'Enterprises', (enterprises) ->
+Admin.factory 'Enterprises', (my_enterprises, all_enterprises) ->
   new class Enterprises
     constructor: ->
-      @enterprises = enterprises
+      @my_enterprises = my_enterprises
+      @all_enterprises = all_enterprises

app/controllers/admin/enterprise_relationships_controller.rb

@@ -1,7 +1,8 @@
 module Admin
   class EnterpriseRelationshipsController < ResourceController
     def index
-      @enterprises = Enterprise.managed_by(spree_current_user).by_name
+      @my_enterprises = Enterprise.managed_by(spree_current_user).by_name
+      @all_enterprises = Enterprise.by_name
       @enterprise_relationships = EnterpriseRelationship.by_name
     end
 

app/views/admin/enterprise_relationships/_data.html.haml

@@ -1,3 +1,4 @@
 :javascript
   angular.module('ofn.admin').value('enterprise_relationships', #{render partial: "admin/json/enterprise_relationships", object: @enterprise_relationships});
-  angular.module('ofn.admin').value('enterprises',              #{render partial: "admin/json/enterprises",              object: @enterprises});
+  angular.module('ofn.admin').value('my_enterprises',           #{render partial: "admin/json/enterprises",              object: @my_enterprises});
+  angular.module('ofn.admin').value('all_enterprises',          #{render partial: "admin/json/enterprises",              object: @all_enterprises});

app/views/admin/enterprise_relationships/_form.html.haml

@@ -1,9 +1,9 @@
 %tr
   %td
-    %select{name: "enterprise_relationship_parent_name", "ng-model" => "parent_id", "ng-options" => "e.id as e.name for e in Enterprises.enterprises"}
+    %select{name: "enterprise_relationship_parent_id", "ng-model" => "parent_id", "ng-options" => "e.id as e.name for e in Enterprises.my_enterprises"}
   %td permits
   %td
-    %select{name: "enterprise_relationship_child_name", "ng-model" => "child_id", "ng-options" => "e.id as e.name for e in Enterprises.enterprises"}
+    %select{name: "enterprise_relationship_child_id", "ng-model" => "child_id", "ng-options" => "e.id as e.name for e in Enterprises.all_enterprises"}
   %td.actions
     %input{type: "button", value: "Create", "ng-click" => "create()"}
     .errors {{ EnterpriseRelationships.create_errors }}

spec/features/admin/enterprise_relationships_spec.rb

@@ -7,70 +7,86 @@ feature %q{
   include AuthenticationWorkflow
   include WebHelper
 
-  before { login_to_admin_section }
+
+  context "as a site administrator" do
+    before { login_to_admin_section }
+
+    scenario "listing relationships" do
+      # Given some enterprises with relationships
+      e1, e2, e3, e4 = create(:enterprise), create(:enterprise), create(:enterprise), create(:enterprise)
+      create(:enterprise_relationship, parent: e1, child: e2)
+      create(:enterprise_relationship, parent: e3, child: e4)
+
+      # When I go to the relationships page
+      click_link 'Enterprises'
+      click_link 'Relationships'
+
+      # Then I should see the relationships
+      within('table#enterprise-relationships') do
+        page.should have_table_row [e1.name, 'permits', e2.name, '']
+        page.should have_table_row [e3.name, 'permits', e4.name, '']
+      end
+    end
 
 
-  scenario "listing relationships" do
-    # Given some enterprises with relationships
-    e1, e2, e3, e4 = create(:enterprise), create(:enterprise), create(:enterprise), create(:enterprise)
-    create(:enterprise_relationship, parent: e1, child: e2)
-    create(:enterprise_relationship, parent: e3, child: e4)
+    scenario "creating a relationship" do
+      e1 = create(:enterprise, name: 'One')
+      e2 = create(:enterprise, name: 'Two')
 
-    # When I go to the relationships page
-    click_link 'Enterprises'
-    click_link 'Relationships'
+      visit admin_enterprise_relationships_path
+      select 'One', from: 'enterprise_relationship_parent_id'
+      select 'Two', from: 'enterprise_relationship_child_id'
+      click_button 'Create'
 
-    # Then I should see the relationships
-    within('table#enterprise-relationships') do
       page.should have_table_row [e1.name, 'permits', e2.name, '']
-      page.should have_table_row [e3.name, 'permits', e4.name, '']
+      EnterpriseRelationship.where(parent_id: e1, child_id: e2).should be_present
+    end
+
+
+    scenario "attempting to create a relationship with invalid data" do
+      e1 = create(:enterprise, name: 'One')
+      e2 = create(:enterprise, name: 'Two')
+      create(:enterprise_relationship, parent: e1, child: e2)
+
+      expect do
+        # When I attempt to create a duplicate relationship
+        visit admin_enterprise_relationships_path
+        select 'One', from: 'enterprise_relationship_parent_id'
+        select 'Two', from: 'enterprise_relationship_child_id'
+        click_button 'Create'
+
+        # Then I should see an error message
+        page.should have_content "That relationship is already established."
+      end.to change(EnterpriseRelationship, :count).by(0)
+    end
+
+
+    scenario "deleting a relationship" do
+      e1 = create(:enterprise, name: 'One')
+      e2 = create(:enterprise, name: 'Two')
+      er = create(:enterprise_relationship, parent: e1, child: e2)
+
+      visit admin_enterprise_relationships_path
+      page.should have_table_row [e1.name, 'permits', e2.name, '']
+
+      first("a.delete-enterprise-relationship").click
+
+      page.should_not have_table_row [e1.name, 'permits', e2.name, '']
+      EnterpriseRelationship.where(id: er.id).should be_empty
     end
   end
 
+  context "as an enterprise user" do
+    let!(:d1) { create(:distributor_enterprise) }
+    let!(:d2) { create(:distributor_enterprise) }
+    let(:enterprise_user) { create_enterprise_user([d1]) }
 
-  scenario "creating a relationship" do
-    e1 = create(:enterprise, name: 'One')
-    e2 = create(:enterprise, name: 'Two')
+    before { login_to_admin_as enterprise_user }
 
-    visit admin_enterprise_relationships_path
-    select 'One', from: 'enterprise_relationship_parent_name'
-    select 'Two', from: 'enterprise_relationship_child_name'
-    click_button 'Create'
-
-    page.should have_table_row [e1.name, 'permits', e2.name, '']
-    EnterpriseRelationship.where(parent_id: e1, child_id: e2).should be_present
-  end
-
-
-  scenario "attempting to create a relationship with invalid data" do
-    e1 = create(:enterprise, name: 'One')
-    e2 = create(:enterprise, name: 'Two')
-    create(:enterprise_relationship, parent: e1, child: e2)
-
-    expect do
-      # When I attempt to create a duplicate relationship
+    scenario "enterprise user can only add their own enterprises as parent" do
       visit admin_enterprise_relationships_path
-      select 'One', from: 'enterprise_relationship_parent_name'
-      select 'Two', from: 'enterprise_relationship_child_name'
-      click_button 'Create'
-
-      # Then I should see an error message
-      page.should have_content "That relationship is already established."
-    end.to change(EnterpriseRelationship, :count).by(0)
-  end
-
-
-  scenario "deleting a relationship" do
-    e1 = create(:enterprise, name: 'One')
-    e2 = create(:enterprise, name: 'Two')
-    er = create(:enterprise_relationship, parent: e1, child: e2)
-
-    visit admin_enterprise_relationships_path
-    page.should have_table_row [e1.name, 'permits', e2.name, '']
-
-    first("a.delete-enterprise-relationship").click
-
-    page.should_not have_table_row [e1.name, 'permits', e2.name, '']
-    EnterpriseRelationship.where(id: er.id).should be_empty
+      page.should have_select 'enterprise_relationship_parent_id', options: ['', d1.name]
+      page.should have_select 'enterprise_relationship_child_id', options: ['', d1.name, d2.name]
+    end
   end
 end